User Profile
Nivedipa-MSFT
Joined 5 years ago
Recent Discussions
Re: Change Greeting Message in AA
@JFM_12 - Thanks for bringing this issue to our attention. Yes, you can update only the greeting message of a Microsoft Teams Auto Attendant using PowerShell, without modifying the menu options.

How to do it:
- Use the Teams PowerShell module (MicrosoftTeams).
- Retrieve the Auto Attendant object.
- Update the GreetingPrompt property only.

Example PowerShell:

    # Connect to Teams
    Connect-MicrosoftTeams

    # Get the Auto Attendant
    $aa = Get-CsAutoAttendant -Identity "<AutoAttendantId>"

    # Update the greeting message (Text-to-Speech example)
    Set-CsAutoAttendant -Identity $aa.Identity -GreetingPrompt @{ "PromptType" = "TextToSpeech"; "TextToSpeechPrompt" = "Your new greeting message." }

Replace <AutoAttendantId> with your Auto Attendant's GUID or name. This command only changes the greeting; menu options remain unchanged. If you use a recorded audio file, set PromptType to "AudioFile" and provide the file.

23 Views | 1 like | 0 Comments

Re: Azure Bot not joining meeting - Server Internal Error. DiagCode: 500#1203002.@
@guoxl - You have correctly updated ServiceFqdn to "signaling.bottest.com" and verified your Nginx, certificate, AWS security group, and Windows Server configurations. The persistent error 500#1203002 still points to a Teams media platform connectivity or TLS/certificate issue.

Key troubleshooting steps:
- Ensure your certificate's Subject Alternative Name (SAN) includes both signaling.bottest.com and media.bottest.com, not just *.bottest.com, as Teams media platform may require explicit SAN entries.
- Confirm that Nginx stream block for port 14217 supports both TCP and UDP (Teams media may use DTLS/UDP for media negotiation).
- Double-check that your certificate chain is complete and trusted by Microsoft Teams.
- Make sure your bot's public IP (InstancePublicIPAddress) matches the DNS record for signaling.bottest.com and is accessible from the Teams cloud.
- Review Application Insights and bot logs for any additional error details or handshake failures.

For further troubleshooting, see:
- Troubleshoot HTTP 500 Internal Service Errors
- Bot Framework Media Platform connectivity requirements

If all configuration steps are correct and the error persists, try regenerating the certificate with explicit SANs for all required hostnames and ensure UDP 14217 is open and routed correctly.

44 Views | 0 likes | 0 Comments

Re: Can I create an Azure Key Vault from a Teams app in the customer’s tenant?
@muradqr5h - If the information above was helpful, I would appreciate it if you could share your feedback. Your feedback is important to us.

Please rate us: 🤩 Excellent 🙂 Good 😐 Average 🙁 Needs Improvement 😠 Poor

14 Views | 0 likes | 0 Comments

Re: Agents Toolkit for Visual Studio - many bots in monorepo
@mbatapr - Thanks for bringing this issue to our attention. Could you please refer to the documents below:

1. Microsoft 365 Agents Toolkit Overview - Teams | Microsoft Learn
2. User authentication in the Azure AI Bot Service - Bot Service | Microsoft Learn
3. Convert single-tenant app to multitenant on Microsoft Entra ID - Microsoft identity platform | Microsoft Learn

45 Views | 0 likes | 0 Comments

Re: Azure Bot not joining meeting - Server Internal Error. DiagCode: 500#1203002.@
@guoxl - Thanks for bringing this issue to our attention. Based on your detailed setup and the error code 500#1203002, this is a Microsoft Teams Real-time Media Platform connectivity issue. The error indicates the Teams media service cannot establish a secure connection to your media endpoint.

Root Cause Analysis

Error 500#1203002 typically means:
- Media platform connectivity failure
- Certificate/TLS handshake issues
- Network routing problems between Teams and your media endpoint
- Protocol mismatch in media negotiation

Critical Issues in Your Setup

1. Media Platform Configuration Issues

Problem: Your ServiceFqdn and certificate don't match your Nginx configuration.

Current Setup:

    ServiceFqdn = "media.bottest.com" // But Nginx serves signaling.bottest.com

Corrected Configuration:

    var mediaPlatformSettings = new MediaPlatformSettings
    {
        ApplicationId = _botConfig.MicrosoftAppId,
        MediaPlatformInstanceSettings = new MediaPlatformInstanceSettings
        {
            CertificateThumbprint = _botConfig.CertificateThumbprint,
            InstanceInternalPort = 8445,
            InstancePublicPort = 14217,
            InstancePublicIPAddress = IPAddress.Parse("18.181.xx.xx"),
            ServiceFqdn = "signaling.bottest.com" // ✅ Match your Nginx server_name
        }
    };

2. Nginx Configuration Problems

Issue: Missing UDP support and incorrect SSL configuration for media.
Corrected Nginx Configuration:

    # /etc/nginx/nginx.conf
    events {
        worker_connections 1024;
    }

    http {
        # Connection upgrade mapping
        # ($http_upgrade only exists in the http context, so the map lives here)
        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }

        # Signaling endpoint (HTTPS)
        server {
            listen 443 ssl http2;
            server_name signaling.bottest.com;

            ssl_certificate /path/to/fullchain.pem;
            ssl_certificate_key /path/to/privkey.pem;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA;
            ssl_prefer_server_ciphers off;
            ssl_dhparam /path/to/dhparam.pem;

            # Important: Add these headers for Teams compatibility
            add_header Strict-Transport-Security "max-age=63072000" always;

            location / {
                proxy_pass http://127.0.0.1:5001;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_cache_bypass $http_upgrade;
                proxy_read_timeout 86400;
            }
        }
    }

    # Media endpoint (TCP/TLS)
    stream {
        upstream media_backend {
            server 127.0.0.1:8445;
        }

        server {
            listen 14217 ssl;

            ssl_certificate /path/to/fullchain.pem;
            ssl_certificate_key /path/to/privkey.pem;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;

            proxy_pass media_backend;
            proxy_timeout 1s;
            proxy_responses 1;
            proxy_bind $remote_addr transparent;
        }
    }

3. Certificate Issues

Problem: Certificate chain and validation issues.
Required Certificate Setup:

    # Verify certificate chain
    openssl x509 -in fullchain.pem -text -noout
    openssl verify -CAfile chain.pem fullchain.pem

    # Certificate must include:
    # - Subject: CN=*.bottest.com
    # - Subject Alternative Names: signaling.bottest.com, media.bottest.com
    # - Full certificate chain including intermediates

Install Certificate Properly:

    # PowerShell on Windows Server
    $cert = Import-PfxCertificate -FilePath "certificate.pfx" -CertStoreLocation "Cert:\LocalMachine\My" -Password (ConvertTo-SecureString "password" -AsPlainText -Force)
    $thumbprint = $cert.Thumbprint

    # Verify certificate is accessible
    Get-ChildItem -Path "Cert:\LocalMachine\My" | Where-Object {$_.Thumbprint -eq $thumbprint}

4. AWS Security Group Configuration

Required Ports:

    # Inbound Rules
    HTTPS  443    0.0.0.0/0   # Signaling
    TCP    14217  0.0.0.0/0   # Media (TLS)
    UDP    14217  0.0.0.0/0   # Media (DTLS) - IMPORTANT!

    # Outbound Rules
    All Traffic   0.0.0.0/0   # Allow all outbound

5. Windows Server Configuration

Required Services and Ports:

    # Disable Windows Firewall completely for testing
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

    # Enable required Windows features
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET45

    # Verify port binding
    netstat -an | findstr ":8445"
    netstat -an | findstr ":14217"

Could you review the points above and let us know if you encounter any issues?

0 Views | 0 likes | 4 Comments

Re: Is it possible for a Teams app to automatically create an Azure Key Vault during installation?
@muradqr5h - Yes, you cannot auto-create a Key Vault in a customer’s tenant during Teams app install. The best practice is to provide a script or template for the customer admin to run, or clear instructions for manual setup.

If the information above addressed your issue, could you please share your feedback? Your feedback is important to us.

Please rate us: 🤩 Excellent 🙂 Good 😐 Average 🙁 Needs Improvement 😠 Poor

Thanks.

104 Views | 1 like | 0 Comments

Re: Can I create an Azure Key Vault from a Teams app in the customer’s tenant?
@muradqr5h - Thanks for bringing this issue to our attention. No, installing a Teams app does not silently create an Azure Key Vault within a customer’s subscription. Creating a Key Vault is an Azure Resource Manager (ARM) operation that requires subscription-level permissions, which are not granted by simply installing a Teams app or providing Azure Active Directory (AAD) app consent.

The recommended approach is for the customer administrator to carry out a guided and auditable provisioning step—such as using ARM/Bicep templates, the “Deploy to Azure” option, or Azure CLI/PowerShell—to create the Key Vault and assign your app’s service principal the minimum required RBAC role. For large-scale, automated deployments, consider Azure Managed Applications or Azure Lighthouse, both of which require explicit customer onboarding.

Why Direct Creation Isn’t Possible

- ARM operations, such as creating resources or assigning roles, require the caller to have the appropriate RBAC permissions at the subscription or resource group level (such as Owner, Contributor, or User Access Administrator).
- Giving AAD admin consent only creates a service principal in the tenant and does not grant ARM rights on subscriptions.

Recommended Implementation Patterns

Guided One-Click Provisioning (Best User Experience and Auditability)

- Provide an ARM/Bicep template or an Azure Portal “Deploy to Azure” button for your customer admin to run.
- The template will create the Key Vault and assign your app/service principal the necessary Key Vault role (for example, Key Vault Secrets User).
- This approach ensures least-privilege access, is auditable and predictable, and minimizes support overhead.
Reference documentation:
- Create Key Vault: Azure Quickstart - Set and retrieve a secret from Key Vault using Azure portal | Microsoft Learn
- Deploy ARM templates: Deploy resources with Azure portal - Azure Resource Manager | Microsoft Learn

Customer Runs a Script (Simple Approach)

Provide a small Azure CLI or PowerShell script that:
- Creates the resource group and Key Vault
- Assigns your app/service principal the Key Vault RBAC role

Example (Azure CLI):

    az group create -n MyRg -l eastus
    az keyvault create --name myCustomerVault --resource-group MyRg --location eastus --sku standard
    az role assignment create --assignee <APP_CLIENT_ID_OR_OBJECT_ID> --role "Key Vault Secrets User" --scope /subscriptions/<subId>/resourceGroups/MyRg/providers/Microsoft.KeyVault/vaults/myCustomerVault

Documentation: role assignment and Key Vault RBAC: https://learn.microsoft.com/azure/key-vault/general/rbac-guide

Automated Provisioning at Scale (For MSPs/ISVs)

Leverage Azure Managed Applications or Azure Lighthouse:
- Managed Applications (available via the marketplace) can provision resources into customer subscriptions during deployment.
- Azure Lighthouse enables delegated resource management; after explicit onboarding, your tenant can provision resources programmatically in the customer’s subscription.

This method allows for full automation post-onboarding, but comes with increased operational complexity and partner requirements.

Further reading:
- Azure Managed Applications: Overview of Azure Managed Applications - Azure Managed Applications | Microsoft Learn
- Azure Lighthouse: What is Azure Lighthouse? - Azure Lighthouse | Microsoft Learn

Permissions and Consent Details

- To deploy a Key Vault, the caller must have Contributor or Owner rights on the subscription or resource group.
- Assigning your app a role requires Owner or User Access Administrator permissions.
- For your app to later access secrets, it must be granted the Key Vault RBAC role (such as Key Vault Secrets User) or be added to an access policy if using that model.
- AAD admin consent (app registration permissions) is a separate process and does not provide ARM or subscription rights.

Security and Operational Guidance

- Always use the least-privilege role required (prefer Key Vault Secrets User over Key Vault Contributor).
- Enable Key Vault security features such as soft-delete and purge protection, and set appropriate access policies.
- Ensure all provisioning and role assignment steps are audited and logged.
- Include a validation step in your Teams app UI to check the Key Vault URL and permissions (for example, by attempting to read a test secret), and clearly display remediation steps if needed.

Please let us know if you have any further queries here.

5 Views | 1 like | 0 Comments

Re: Microsoft Teams Bot OAuth login shows blank screen and closes without signing in
@shivanandan17 - Thanks for bringing this issue to our attention. Could you please review the following checkpoints?

Ensure the connectionName matches exactly:
- In your code: check process.env.CONNECTION_NAME (case sensitive).
- In the Azure portal: Bot Channels Registration → Settings → OAuth connection settings → Connection Name.
- If there’s a mismatch, update and re-test.

Confirm the OAuth connection configuration in Bot Channels Registration:
- Provider should be Azure Active Directory v2 (if applicable).
- Client Id must be the AAD app client id.
- Client Secret should be a valid, current secret.
- Tenant: use the specific tenant id or leave blank for multi-tenant, according to your needs.
- Scopes should include openid profile offline_access User.Read at a minimum.
- Use the portal’s “Test connection” button to verify success. If it fails, review clientId, secret, tenant, and scopes.

Check your AAD App Registration settings:
- Redirect URI must include: https://token.botframework.com/.auth/web/redirect
- Access tokens / ID tokens toggles should be set as per provider guidance.
- Required delegated permissions (like User.Read) should be granted, with admin consent if necessary.
- For multi-tenant setups, Supported account types must be set to Multitenant.

Review Azure AD Sign-in logs for failed attempts:
- Go to Azure AD → Sign-ins, filter by time and user, and inspect failed entries for conditional access details.
- Look for AADSTS errors (such as invalid_client or redirect_uri_mismatch).
- Note the Correlation ID and Timestamp for cross-referencing with Bot Framework logs.

Use Teams desktop DevTools to analyze popup behavior:
- Press Ctrl+Shift+I to open DevTools, go to the Network tab, and trigger OAuthPrompt.
- Check requests to login.microsoftonline.com and token.botframework.com for failures.
- Export HAR and console logs if needed.

Enable Application Insights or bot logging for error details:
- In Azure Portal, link or create an Application Insights resource for your bot.
- Add logging in your Node app to capture exceptions and OAuthPrompt results.
- Review traces in Application Insights for exceptions or failed requests.

Test with “Test in Web Chat” and check Bot Framework logs:
- Run the sign-in flow in Web Chat and monitor activity traces. This helps isolate issues from the Teams client.
- If Web Chat works but Teams fails, focus on Teams DevTools logs and AAD conditional access settings.

Try these common quick fixes:
- Correct any issues with client secret or clientId in the OAuth connection.
- Add required scopes and ensure they have admin consent in the tenant.
- If admin consent is needed, use the admin consent URL: https://login.microsoftonline.com/{tenantId}/adminconsent?client_id={clientId}&redirect_uri=htt…
- Make sure the AAD app includes https://token.botframework.com/.auth/web/redirect in its Redirect URIs.

26 Views | 0 likes | 0 Comments

Re: Is it possible for a Teams app to automatically create an Azure Key Vault during installation?
@muradqr5h - Thanks for bringing this issue to our attention. You cannot automatically create an Azure Key Vault in a user’s tenant during Teams app installation. Teams app install does not grant your app the permissions needed to provision Azure resources in the customer’s subscription or tenant.

Ref Docs:
1. Azure Quickstart - Set and retrieve a secret from Key Vault using Azure portal | Microsoft Learn
2. Assign an Azure Key Vault access policy (CLI) | Microsoft Learn
3. Grant permission to applications to access an Azure key vault using Azure RBAC | Microsoft Learn

83 Views | 1 like | 1 Comment

Re: Retirement of Office 365 connectors (2025 Edition)
@SeanAtPrime - Thanks for bringing this issue to our attention. As of September 9, 2025, Microsoft has not published any new official update or announcement regarding a change, delay, or cancellation of the Office 365 Connectors retirement in Microsoft Teams beyond what is stated in the referenced blog post. The promised update by the end of August 2025 has not appeared on the Microsoft 365 Dev Blog, the official Microsoft Teams blog, or the Microsoft Learn documentation.

Monitor the Microsoft 365 Dev Blog and Microsoft Learn Teams documentation for any new announcements.

Thanks,
Nivedipa
----------
If the response is helpful, please click "**Mark as Best Solution**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.

62 Views | 0 likes | 0 Comments

Re: Enabling Cross-Tenant Authentication for Teams Apps with Single-Tenant Bot
@chetanoptimus - Thanks for bringing this issue to our attention. A single-tenant Azure AD app cannot support cross-tenant sign-in, even if distributed via AppSource.

We appreciate your input. To ensure your idea is considered for future updates, we recommend submitting it through the Teams Feedback Portal. Feature requests are reviewed by the engineering team and may be prioritized based on various factors, including the number of requests received. If you have any additional thoughts or feedback, please feel free to share them with us. Your contributions are valuable and help improve the product! Thank you again for your valuable suggestion!

Thanks,
Nivedipa
----------
If the response is helpful, please click "**Mark as Best Solution**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.

83 Views | 0 likes | 0 Comments